<?php
include_once('common/header.php');
if($AppUI->id <=0 ) {
	$strUsername = $objRequest->getParam('username', null);
	$strPassword = $objRequest->getParam('password', null);
	$intError	 = 0;	
	if(isset($strUsername) && isset($strPassword)) {		
		if(isset($_SESSION['LOGIN_ERROR'])) unset($_SESSION['LOGIN_ERROR']);
		$objAdmin	= new Admin();
		$arrInfo 	= $objAdmin->getInfoByUsername($strUsername);		
		
		if($arrInfo) {
			$strPassDb 		= $arrInfo->password;
			$strChapassword	= md5(md5(session_id()) . $strPassDb);							
			if($strChapassword == $strPassword) {
				session_regenerate_id();
				$objAuth = new Ecore_Auth();
				if($AppUI = $objAuth->auth($arrInfo, 1)) {					
					$this->_redirect(isset($_SESSION[SESSION_BACKURL]) ? $_SESSION[SESSION_BACKURL] : HOST_BACKEND);
					exit();
				}
			} else {
				$intError = 3;
			}
		} else {
			$intError = 2;
		}
	} else {
		$intError = 4;
	}
	if($intError > 0) {		
		$_SESSION['LOGIN_ERROR'] = array('username'=>$strUsername,'error'=>$intError);		
	}	
	$this->_redirect(HOST_BACKEND);
} else {
	$this->_redirect(isset($_SESSION[SESSION_BACKURL]) ? $_SESSION[SESSION_BACKURL] : HOST_BACKEND);
}
